 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.831385 |
| Category: | Mandrake Local Security Checks |
| Title: | Mandriva Update for python-feedparser MDVSA-2011:082 (python-feedparser) |
| Summary: | The remote host is missing an update for the 'python-feedparser'; package(s) announced via the referenced advisory. |
| Description: | Summary: The remote host is missing an update for the 'python-feedparser' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in python-feedparser: Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas (CVE-2009-5065). feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration (CVE-2011-1156). Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments (CVE-2011-1157). Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI (CVE-2011-1158). The updated packages have been patched to correct these issues. Affected Software/OS: python-feedparser on Mandriva Linux 2010.0, Mandriva Linux 2010.0/X86_64, Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-5065 44074 http://secunia.com/advisories/44074 47177 http://www.securityfocus.com/bid/47177 MDVSA-2011:082 http://www.mandriva.com/security/advisories?name=MDVSA-2011:082 [opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html http://code.google.com/p/feedparser/issues/detail?id=195 http://support.novell.com/security/cve/CVE-2009-5065.html https://bugzilla.novell.com/show_bug.cgi?id=680074 https://bugzilla.redhat.com/show_bug.cgi?id=684877 Common Vulnerability Exposure (CVE) ID: CVE-2011-1156 43730 http://secunia.com/advisories/43730 46867 http://www.securityfocus.com/bid/46867 [oss-security] 20110314 CVE request for python-feedparser http://openwall.com/lists/oss-security/2011/03/14/18 [oss-security] 20110315 Re: CVE request for python-feedparser http://openwall.com/lists/oss-security/2011/03/15/11 http://support.novell.com/security/cve/CVE-2011-1156.html https://code.google.com/p/feedparser/issues/detail?id=91 Common Vulnerability Exposure (CVE) ID: CVE-2011-1157 http://support.novell.com/security/cve/CVE-2011-1157.html https://code.google.com/p/feedparser/issues/detail?id=254 Common Vulnerability Exposure (CVE) ID: CVE-2011-1158 http://support.novell.com/security/cve/CVE-2011-1158.html https://code.google.com/p/feedparser/issues/detail?id=255 |
| Copyright | Copyright (C) 2011 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |